# Jake's Audit Notes: IDEX AMM Client: IDEX AMM https://github.com/idexio/idex-contracts-silverton: main / ebd8066554fe10052baf1bb05ccfd2eb56e20dcf Audit type: Silverton ## Whitepaper & specification about the protocol https://docs.google.com/document/d/1llJxFet8RUlGwukkpelXt6ZM3fkUc7EONxmu6FnTzj4/edit# Fork of Pancake Swap which implements "hybrid liquidity pools". Order matching is completed off chain and supports limit orders with partial fills. ## Review of the protocol/implementation ### Exchange.sol [1] **Event removed but docstring remains** **Severity: Informational** Lines [204-205](https://github.com/idexio/idex-contracts-silverton/blob/ebd8066554fe10052baf1bb05ccfd2eb56e20dcf/contracts/Exchange.sol#L204) have docstrings relating to the event `executeOrderBookTrade`, but this has been removed in `ebd8066`. [2] **User access roles are split between Exchange.sol and Owned.sol** **Severity: Low?** Both the Owned mixin and Exchange.sol are used to define and manage user roles, with `onlyMigrator` and `onlyDispatcher` defined in Exchange.sol and `onlyOwner` and `onlyAdmin` defined in Owned.sol. Same applies in [`LiquidityProviderToken.sol`](https://github.com/idexio/idex-contracts-silverton/blob/ebd8066554fe10052baf1bb05ccfd2eb56e20dcf/contracts/LiquidityProviderToken.sol#L49). Recommendations: [a] Use a consistent approach for user access. [b] Use a widely used and audited library to manage the different roles.